Re: rest of works for security providers in v9.1

From: KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>
To: Robert Haas <robertmhaas(at)gmail(dot)com>
Cc: KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>, PgSQL-Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: rest of works for security providers in v9.1
Date: 2010-12-14 00:15:45
Message-ID: 4D06B731.3090409@ak.jp.nec.com
Lists: pgsql-hackers

(2010/12/14 1:03), Robert Haas wrote:
> On Mon, Dec 13, 2010 at 8:32 AM, KaiGai Kohei<kaigai(at)kaigai(dot)gr(dot)jp> wrote:
>> (2010/12/13 21:53), Robert Haas wrote:
>>> 2010/12/12 KaiGai Kohei<kaigai(at)ak(dot)jp(dot)nec(dot)com>:
>>>>
>>>> I'd like to see opinions on what facilities should be developed
>>>> in the current v9.1 development cycle.
>>>
>>> It seems to me that the next commit after the label-switcher-function
>>> patch ought to be a contrib module that implements a basic form of
>>> SE-Linux driven permissions checking. I'm pretty unexcited about
>>> continuing to add additional facilities that could be used by a
>>> hypothetical module without actually seeing that module, and I think
>>> that the label-switcher-function patch is the last piece of core
>>> infrastructure that is a hard requirement rather than "nice to have".
>>> I'd rather have a complete feature with limited capabilities than
>>> half a feature with really awesome capabilities.
>>>
>> It is good news for me also, because I didn't imagine the SE-PostgreSQL
>> module getting upstreamed, even as a contrib module.
>>
>> OK, I'll focus on the work to merge the starter version of SE-PostgreSQL
>> as a contrib module in the last commit fest.
>>
>> Probably, I need to provide its test cases and minimal documentation
>> in addition to the code itself. Anything else?
>
> Extremely detailed instructions on how to test it.
>
Indeed, it will be necessary.

Two more questions:
How does the contrib module behave when we try to make all the
contrib modules on a platform that doesn't provide libselinux?
One idea is to add a few checks about the selinux environment in
the configure script.

I counted the number of lines of the sepgsql module that implements
only the currently supported hooks. It has 3.2KL of code now.
How about the scale of the patch to review?

Thanks,
--
KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>
